cscdubai asked:

How to remove newfolder.exe, Bimat.exe and IEXPLORER.exe

Hi Friends,

I am facing a lot of problems regarding the infection in our network: newfolder.exe, Bimat.exe and IEXPLORER.exe. I am using the Combofix and SDFix tools to clean, and they work perfectly, but the users get the same problem again after 1 or 2 days. Maybe this is happening because of the network, and I can't clean the network within one or two days because we have more than 100 PCs. We are using Kaspersky and ESET Nod32 Antivirus only, so is there any tool that will remove it from the network, or any anti-spyware or other software that will be helpful and protect our network? An acceptable answer from anyone will be helpful to me.
NaturaTek

CSC,

I feel your pain. If I were you, I would reinstall and make an image with Acronis. When users cause damage, just reimage them in 6 minutes and copy their data back on for WORST case scenarios.
If you have more than 100 PCs, this is ideal. It will save you lots of work down the road.

However, to clean up in your situation I would first disable System Restore. Download CCleaner from ccleaner.com.
Download SUPERAntiSpyware (superantispyware.com) and Malwarebytes Anti-Malware (malwarebytes.org).

Boot into safe mode. Run CCleaner. The reason I do CCleaner first is because it will clean out all temp files, caches, etc., so you don't have to spend an extra hour or so scanning nonsense files.
Run Malwarebytes, do a full scan, remove all selected when done, and reboot in safe mode. Run SUPERAntiSpyware, do a full scan, remove all selected, and reboot in safe mode.

Download Autoruns from Microsoft. Run it and see if you find any strange service/driver/app loading up that you know for sure is not related to the OS or your environment. Delete them.

Boot normally and see if you are cleaned.

Combofix in safe mode is a last step in my book. ESET is good, and so are Kaspersky and many others. In my years of experience I find one antivirus finds something another won't. The same applies to antispyware programs.

Believe it or not, for a business environment I would stick with Kaspersky or Symantec Endpoint Protection, because it is very strict and configurable in network environments.

If you are using ESET 4.0, go into options and create yourself a bootable CD from there, so you can boot from the ESET CD and scan without even booting into Windows. Same with Kaspersky; I think they have that option as well now.

Of course, before running any scan, or creating a boot scan CD, be sure to update definition files to the current date.

I do swear by a good antivirus used in combination with Malwarebytes and SUPERAntiSpyware. I don't run them all together; I do run the last 2 as maintenance every week or two, or the moment a user did web browsing in the underworlds.

I would create policies to prohibit installation of rogue programs and create security in Internet Explorer preventing sites with keywords or designated sites. Of course if you guys have some network rackmount items, you can create rules to prohibit sites into your network.

It doesn't matter if you clean and clean; users will be users and will click on every dang thing on the web, and in a few days the computer will be infected all over again.

I do find Symantec Endpoint or ESET RUNNING alongside Malwarebytes in REAL TIME (this is a paid feature) to be VERY effective.

Best wishes
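
As a read-only companion to the Autoruns step in the answer above, this added PowerShell example (not part of NaturaTek's post) lists autostart entries that reference the three file names from the question. It assumes PowerShell 2.0 or later is installed, and it checks only the Run/RunOnce registry keys and the current user's Startup folder, which is a small subset of what Autoruns shows.

```powershell
# Added example: report (never delete) autostart entries that reference the
# file names from the question. Assumption: PowerShell 2.0+, run on each PC.
# Note: the genuine Internet Explorer binary is iexplore.exe, so it is not matched.
$suspectNames = 'newfolder.exe', 'bimat.exe', 'iexplorer.exe'

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Test-SuspectCommand([string]$Command) {
    # True when the text contains a suspect name as a whole file name (case-insensitive).
    foreach ($name in $suspectNames) {
        $pattern = '(^|[\\/"\s])' + [regex]::Escape($name) + '($|["\s,])'
        if ($Command -match $pattern) { return $true }
    }
    return $false
}

function New-Hit($Location, $Entry, $Command) {
    New-Object PSObject -Property @{ Location = $Location; Entry = $Entry; Command = $Command }
}

$hits = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
        $command = [string]$item.GetValue($valueName)
        if (Test-SuspectCommand $command) { $hits += New-Hit $key $valueName $command }
    }
}

# Startup folder: check file names directly and resolve shortcut (.lnk) targets.
$startup = [Environment]::GetFolderPath('Startup')
if ($startup -and (Test-Path $startup)) {
    $shell = New-Object -ComObject WScript.Shell
    foreach ($file in (Get-ChildItem $startup -Force | Where-Object { -not $_.PSIsContainer })) {
        $target = $file.FullName
        if ($file.Extension -eq '.lnk') { $target = $shell.CreateShortcut($file.FullName).TargetPath }
        if (Test-SuspectCommand $target) { $hits += New-Hit $startup $file.Name $target }
    }
}

if ($hits.Count -eq 0) { "$($env:COMPUTERNAME): no autostart entry references the suspect names" }
else { $hits | Select-Object Location, Entry, Command | Format-List }
```

A hit here only tells you which PCs still have a matching autostart entry; the cleanup itself is the scan or reimage procedure described in the answer.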
cscdubai (ASKER)

But whatever comment you gave, it was really not helpful to me. I tried it but it failed.

I don't know the level of your infection. If you tried Combofix and all else I posted above, then perhaps your system is infected with a certain rootkit, malware cloaked to a point where it might not even be worth it to repair.

If you did the scans above, please post the Malwarebytes log and the Combofix log here.
Download HijackThis: http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
And post the log here.

In the meantime, back up your important documents. Pull out your Windows XP CD and consider deleting your partition, recreating it and reinstalling Windows XP.
Leave your Windows XP CD in the CD-ROM drive; when you boot up it should start the CD. If not, go into the BIOS and select the CD-ROM as 1st in boot priority. The XP install will guide you on deleting your existing installation.

ASKER CERTIFIED SOLUTION
cscdubai